Multi-tenancy is by far one of the most effective models for providing IT services. A single instance of the application running on the same server infrastructure, but which is accessible to many users and enterprises, can minimize the cost of providing IT services and maximize their quality. The Zimbra Collaboration Suite Open-Source Edition architecture was originally based on the idea of ββmulti-tenancy. Due to this, in one installation of Zimbra OSE, you can create many mail domains, while their users will not even be aware of each other.
That is why the Zimbra Collaboration Suite Open-Source Edition is an excellent choice for groups of companies and holdings that require each company to provide mail on their own domain, but do not want to spend a lot of money on these goals. Also, Zimbra Collaboration Suite Open-Source Edition could be suitable for SaaS providers that provide access to corporate email and collaboration tools, if not for two significant restrictions: the lack of simple and clear administrator tools for delegating administrator powers, as well as for introducing restrictions on Domains in the Open-Source version of Zimbra. In other words, in Zimbra OSE there is only an API for implementing these functions, but there are simply no special console commands or items in the web administration console. In order to remove these restrictions, Zextras has developed a special add-on Zextras Admin, included in the set of extensions Zextras Suite Pro. Letβs see how Zextras Admin can turn the free Zimbra OSE into a solution that is ideal for the SaaS provider.
In addition to the main administrator account, Zimbra Collaboration Suite Open-Source Edition supports the creation of other administrator accounts, however, each of the created administrators will have the same full authority as the original administrator. Using the built-in function to restrict administrator rights to any one domain in Zimbra OSE via the API is extremely difficult. As a result, this becomes a serious limitation that prevents the SaaS provider from transferring domain management to the client and administering it independently. This, in turn, means that all work on the administration of corporate mail, for example, creating new ones and deleting old mailboxes, as well as creating passwords for them, will have to be done by the SaaS provider. In addition to the obvious increase in the cost of providing the service, it also creates enormous risks associated with information security.
The Zextras Admin extension can solve this problem, which allows you to add the function of differentiation of administrator powers to Zimbra OSE. Thanks to this extension, the system administrator can create an unlimited number of new administrators and restrict their rights as he needs. For example, he can make the administrator of part of the domains of his assistant, if he does not manage to service requests from all clients on his own. This will help increase the speed of response to requests from customers, provide additional information security, as well as improve the quality of work of administrators.
He can also make a user an administrator of one of the domains, limiting his authority to one domain, or add junior administrators who can reset the password or create a new account for users of their domains, but will not have access to the contents of the mailboxes of employees. Thanks to this, it is possible to create a self-service system in which the company will be able to independently manage the mail domain provided to it. This option is not only safe and convenient for the enterprise, but also allows the SaaS provider to significantly reduce the cost of providing services.
It is also noteworthy that all this is done with the help of several commands in the administration console. Let's make sure of this by the example of creating an administrator for the mail.company.ru domain. In order to make admin@company.ru the administrator of the mail.company.ru domain, just enter the zxsuite admin doAddDelegationSettings admin@company.ru mail.company.ru viewMail true command . After that, the user admin@company.ru will become the administrator of his domain and will be able to view the mail of other users.
In addition to creating the main administrator, we will turn one of the managers into a junior administrator using the command zxsuite admin doAddDelegationSettings manager@company.ru mail.company.ru viewMail false . Unlike the main one, the junior administrator will not be able to view employee mail, but will be able to perform other operations, such as creating and deleting a mailbox. This can be very useful at times when the main administrator does not have time to perform routine operations.
Also in Zextras Admin provides the ability to edit permissions. For example, if the main administrator goes on vacation, his duties will be temporarily performed by the manager. In order for the manager to be able to view the employees' mails, it is enough to use the command zxsuite admin doEditDelegationSettings manager@company.ru mail.company.ru viewMail true , and then, when the main administrator returns from vacation, you can again make the manager a junior administrator. Also, users can be deprived of administrator rights by using the zxsuite admin doRemoveDelegationSettings manager@company.ru mail.company.ru command .
It is also important that all of the above functions are duplicated in the Zimbra administration web console. Thanks to this, enterprise domain management becomes available even to those employees who have little experience with the command line. Also, the presence of a graphical interface for these settings can reduce the training time for the employee who will administer the domain.
However, the complexity of delegating administrative rights is not the only serious limitation in Zimbra OSE. In addition, the built-in ability to set limits on the number of mailboxes for domains, as well as restrictions on the space they occupy, is also implemented only through the API. Without such restrictions, it will be difficult for a system administrator to plan the required volume of drives in mail storages. Also, the absence of such restrictions means the impossibility of introducing tariff plans. The Zextras Admin extension is able to remove this restriction. Thanks to the Domain Limits feature, this extension allows you to limit certain domains both by the number of mailboxes and the space occupied by mailboxes.
Suppose that an enterprise using the mail.company.ru domain has acquired a tariff at which it cannot have more than 50 mailboxes, and also occupy more than 25 gigabytes on the hard drive of the mail storage. It would be logical to limit this domain to 50 users, each of whom would receive a 512 megabyte mailbox, but in reality, such restrictions are suitable for all employees of the enterprise. For example, if a simple mailbox with a size of 100 megabytes is enough for a simple manager, then one gigabyte may not be enough for sales staff who are always in active correspondence. And therefore, it would be logical for the company to introduce one restriction for managers, and for sales and technical support employees the tariff is different. This can be achieved by dividing employees into groups, which are called Class of Service in Zimbra OSE, and then set the appropriate restrictions for each group.
To do this, it is enough for the main administrator to enter the command zxsuite admin setDomainSettings mail.company.ru account_limit 50 domain_account_quota 1gb cos_limits managers: 40, sales: 10 . Due to this, a restriction of 50 accounts was introduced for the domain, the maximum mailbox size is 1 gigabyte, and also the separation of mailboxes into two different groups. After that, for 40 users of the "Managers" group, you can set an artificial limit on the mailbox size to 384 megabytes, and the "Salesmen" group leave a limit of 1 gigabyte. Thus, even when fully populated, mailboxes on the domain mail.company.ru will not take up more than 25 gigabytes.
All of the above functionality is also presented in the Zextras Suite web administration console and allows the domain administrator to make the necessary changes as quickly and conveniently as possible, without spending a lot of time on training.
Also, to ensure maximum transparency of interaction between the SaaS provider and the client, Zextras Admin maintains logs of all actions of delegated administrators, which can be viewed directly from the Zimbra OSE administrator console. Also, on the first day of each month, Zextras Admin generates a monthly report on the actions of all administrators, which includes all the necessary data, including failed login attempts, as well as failed attempts to exceed the domain limits.
Thus, Zextras Admin turns Zimbra Collaboration Suite Open-Source Edition into a solution perfectly suited for SaaS providers. Due to the extremely low cost of licensing, as well as a multi-tenant architecture with the possibility of self-service, this solution can allow ISPs to reduce the cost of providing services, make their business more marginal and, as a result, be more competitive.
For all questions related to the Zextras Suite, you can contact the representative of the company "Zextras" Ekaterina Triandafilidi by e-mail katerina@zextras.com